Mastering Step Four of Zero Trust: Policy Creation
Now that you’ve defined your protect surfaces, mapped your transaction flows and built your Zero Trust architecture, it’s time for step four of Zero Trust: creating policy. In other words, it’s time to turn strategy into actual rules.
In this episode of Threat Talks, host Lieuwe Jan Koning and ON2IT Field CTO Rob Maas talk through how to create and validate Zero Trust policies.
They explore:
• What makes a ‘good’ policy (and why broad strokes won’t cut it)
• How to apply the Kipling method to policy creation
• Why policies need ongoing validation to stay effective
Make sure to stay tuned for the second part of this episode as well, where Lieuwe Jan and Rob dive into the specifics of policy for administrative access.
Your cybersecurity experts
Lieuwe Jan Koning, Co-Founder and CTO, ON2IT
Episode details
With your architecture in place, it’s now time to talk policy. Step four of Zero Trust is where the rubber meets the road and where the controls become specific rules and policy.
In this episode of Threat Talks, host Lieuwe Jan Koning sits down with ON2IT Field CTO Rob Maas to break down what makes a Zero Trust policy effective, and why specificity is key. Together, they explore how business requirements influence technical rules, and how to best go about translating real-world needs into firewall rules, endpoint controls, and cloud configurations.
Key topics include:
• What makes a ‘good’ policy (and why broad rules won’t cut it)
• How the Kipling method helps create specific and effective policies
• Why policy validation isn’t just about checking boxes
PS. This is part A of a two-part episode. In part B, they’ll tackle policies for admin access.
